Open-AudIT should be installed on 64bit systems only. You might try it on a 32bit system, but this will not be supported going forward.
These installation instructions and scripts have been tested on CentOS 6.3. Other versions may work. If you do install on another version and need to make alterations, please contribute this back to the community so others can also benefit.
The below commands should be run as the root user.
All items in CAPITALS should be substituted with actual specific values.
Make sure your server is up to date.
yum update
There are a few variables you should note down (they will be used later on).
HOSTNAME
uname -n
TIMEZONE
This should match a valid time zone for PHP. You can check which time zones PHP supports at http://www.php.net/manual/en/timezones.php
cat /etc/sysconfig/clock | grep ZONE | cut -d"\"" -f2
Install the various prerequisite packages.
You will need an external repo to install some items, so we'll set that up now.
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Install MySQL
yum -y install mysql mysql-server chkconfig --levels 235 mysqld on service mysqld start
Install Apache
yum -y install httpd chkconfig --levels 235 httpd on service httpd start
Install PHP, SNMP, zip and Nmap
yum -y install nano php php-cli php-mysql php-ldap php-mbstring php-mcrypt php-snmp php-xml nmap snmp zip
Disable SELinux
sed -i -e 's/SELINUX=/#SELINUX=/g' /etc/selinux/config echo "SELINUX=disabled" >> /etc/selinux/config setenforce 0
Configure IPTables
sed -i '1s/^/A INPUT -p tcp -m tcp --dport 80 -j ACCEPT\n/' /etc/sysconfig/iptables sed -i '1s/^/A INPUT -p tcp -m tcp --dport 443 -j ACCEPT\n/' /etc/sysconfig/iptables
Configure PHP (substituting $TIMEZONE from above).
sed -i -e 's/memory_limit/;memory_limit/g' /etc/php.ini echo "memory_limit = 512M" >> /etc/php.ini sed -i -e 's/max_execution_time/;max_execution_time/g' /etc/php.ini echo "max_execution_time = 300" >> /etc/php.ini sed -i -e 's/max_input_time/;max_input_time/g' /etc/php.ini echo "max_input_time = 600" >> /etc/php.ini sed -i -e 's/error_reporting/;error_reporting/g' /etc/php.ini echo "error_reporting = E_ALL" >> /etc/php.ini sed -i -e 's/display_errors/;display_errors/g' /etc/php.ini echo "display_errors = On" >> /etc/php.ini sed -i -e 's/upload_max_filesize/;upload_max_filesize/g' /etc/php.ini echo "upload_max_filesize = 10M" >> /etc/php.ini # Get a valid dat/time string from http://www.php.net/manual/en/timezones.php sed -i -e 's/date.timezone/;date.timezone/g' /etc/php.ini echo "date.timezone = $TIMEZONE" >> /etc/php.ini
Set the server name (substituting $HOSTNAME from above) and shell (used for scripts) for Apache and restart
echo "ServerName $HOSTNAME" >> /etc/httpd/conf/httpd.conf chsh -s /bin/bash apache service httpd restart
Set the SUID for the nmap binary (so we can use the apache front end to run scripts which call nmap).
chmod u+s /usr/bin/nmap